No security by obscurity - why two factor authentication should be based on an open design

@article{Yu2011NoSB,
  title={No security by obscurity - why two factor authentication should be based on an open design},
  author={Jinying Yu and Philipp Brune},
  journal={Proceedings of the International Conference on Security and Cryptography},
  year={2011},
  pages={418-421}
}
The recently reported security issue possibly compromising the security tokens sold by a major vendor of two factor authentication (2FA) solutions (Schneier, 2011) demonstrates the importance of the basic principle of using an open design for security solutions (Saltzer and Schroeder, 1974). In particular, the safety of such devices should not be based on the use of a secret algorithm or seed value to generate a sequence of one-time passwords (OTP) inside the security token. Instead, we argue… CONTINUE READING

Citations

Publications citing this paper.
Showing 1-2 of 2 extracted citations

An Empirical Study of HTTP-based Financial Botnets

IEEE Transactions on Dependable and Secure Computing • 2016
View 7 Excerpts
Highly Influenced

Towards a taxonomy for security threats on the web ecosystem

NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium • 2016
View 1 Excerpt

References

Publications referenced by this paper.
Showing 1-10 of 11 references

Schneier on security

View 3 Excerpts
Highly Influenced

Attacks and Solutions on Strong-Password Authentication

C. L. Lin, H. M. Sun, T. Hwang
IEICE Transactions on Communications, E84-B(9), 26222627. • 2001

Similar Papers

Loading similar papers…